[Snort-sigs] Strange signatures

Daniel J. Roelker droelker at ...435...
Mon Apr 5 07:22:23 EDT 2004


Hi Xavier,

These alerts are from the http_inspect preprocessor.  Check out either
the Snort User Manual or the README.http_inspect in docs/.  Both contain
explanations about these events, and also how to configure http_inspect
for your network environment.

Dan

On Fri, 2004-04-02 at 05:02, Xavier Mesquida wrote:
> Since i've upgrade to the last Snort version i receive
> some strange signatures that don't have documentation.
> 
> Where can i disable them? I don't found them in any
> rules file:
> 
> (http_inspect) IIS UNICODE CODEPOINT ENCODING
> 
> (http_inspect) OVERSIZE REQUEST-URI DIRECTORY    
> 
> (http_inspect) DOUBLE DECODING ATTACK
> 
> (http_inspect) BARE BYTE UNICODE ENCODING 
>    
> Thanks
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! Small Business $15K Web Design Giveaway 
> http://promotions.yahoo.com/design_giveaway/
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> 
-- 
Daniel Roelker
Software Developer
Sourcefire, Inc.





More information about the Snort-sigs mailing list